from flask import request, session, make_response

from models.models import User


def casbin_middleware(enforcer):
    user_id = session.get("user_id")
    user = User.query.filter_by(id=user_id).first()
    if user is None:
        return make_response('用户未登录！！！', 401)
    path = request.path
    method = request.method
    if not enforcer.enforce(user.role, path, method):
        return make_response("没有权限！！", 403)

